22 matches found
EUVD-2026-19875
Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...
PT-2026-30926
Name of the Vulnerable Software and Affected Versions: Vite versions 6.0.0 through 6.4.1, 7.3.2, and 8.0.5 Description: The Vite dev server improperly handles .map requests for optimized dependencies. It resolves file paths and calls readFile without restricting '../' segments in the URL, potential...
VulnCheck KEV: CVE-2024-56159
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...
EUVD-2020-21423
Malware in sbrugna...
EUVD-2024-24496
Malicious code in bioql PyPI...
CVE-2024-27257
IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users...
CVE-2024-56159
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...
CVE-2020-29041
A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...
PT-2025-6214 · Esbuild · Esbuild
Name of the Vulnerable Software and Affected Versions: esbuild affected versions not specified Description: The issue allows any website to send requests to the development server and read the response due to default CORS settings. This is because esbuild sets the Access-Control-Allow-Origin:...
CVE-2024-27257
IBM OpenPages is affected (versions 8.3 and 9.0). The issue is exposure of information about client-side source code via JavaScript source maps, enabling disclosure to unauthorized users. Root cause details indicate that source maps are not required for functionality and should be disabled or fix...
CVE-2024-27257 IBM OpenPages information disclosure
IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users...
PT-2024-21776 · Ibm · Ibm Openpages
Name of the Vulnerable Software and Affected Versions: IBM OpenPages versions 8.3 through 9.0 Description: The issue potentially exposes information about client-side source code to unauthorized users through the use of JavaScript source maps. Recommendations: For IBM OpenPages versions 8.3 and...
Security Bulletin: IBM OpenPages exposes client-side source code through use of JavaScript source maps (CVE-2024-27257)
Summary: A vulnerability caused by exposure of information about IBM OpenPages client-side source code through use of JavaScript source maps to unauthorized users is addressed. Vulnerability Details: CVEID: CVE-2024-27257 DESCRIPTION: IBM OpenPages potentially exposes information about client-side...
Information Exposure
sanitize-html is vulnerable to Information Exposure. The vulnerability is due to the parsing of CSS through the style attribute without disabling source maps, which can allow attackers to infer the file system structure and dependencies of the server...
Code injection
A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...